Microsoft Subnet An independent Microsoft community View more

Beginning 2015 with a bang of 3 breaches: Bitstamp, Morgan Stanley, Chick-fil-A

Fearing a hack, Bitcoin exchange Bitstamp has temporarily suspended services. Meanwhile, Morgan Stanley said an employee stole sensitive data on 350,000 clients; Chick-fil-A confirmed an investigation into a credit card breach.

bitcoin
Credit: Dry2

Due to fears of being hacked, Bitcoin exchange Bitstamp “temporarily suspended” service today while investigating the breach. The notice on the site’s home page states, “We have reason to believe that one of Bitstamp’s operational wallets was compromised on January 4th, 2015.”

As a security precaution against compromises Bitstamp only maintains a small fraction of customer bitcoins in online systems. Bitstamp maintains more than enough offline reserves to cover the compromised bitcoins.

Slovenia-based Bitstamp warned customers not to attempt bitcoin deposits to previously-issued bitcoin address as those deposits “cannot be honored.”

Bitstamp hacked Bitstamp

CoinDesk reported that the issue was first noticed after a Bitstamp user attempted to make two deposits that “vanished.” After contacting customer support, he was told that Bitstamp's "transaction processing server detected problems with our hot wallet and stopped processing withdrawals."

You should STOP SENDING bitcoin deposits to your Bitstamp account IMMEDIATELY as private keys of your deposit address may be lost. Your bitcoins already deposited with us are stored in a cold wallet and cannot be affected.

Bitstamp’s potential compromise comes but a few days after Japan’s Yomiuri Shimbun newspaper claimed that Mt. Gox was an inside job and not any external attack. The paper claimed that only 1% of the total 650,000 missing bitcoins can be attributed to hack attacks from outsiders.

Employee steals sensitive data on 350,000 Morgan Stanley clients

Speaking of insider threats, Morgan Stanley fired an employee who stole the account names, numbers and transaction data on 350,000 clients; the insider crook’s plan was allegedly to sell customers’ data.

The breach was discovered and reported to authorities on Dec. 27, after Morgan Stanley discovered sensitive data for over 900 clients on the Internet. Yet the bank claims that it has found no evidence that the data breach resulted in losses to customers. An unnamed source said “the information was displayed only for a brief period, though there were an unspecified number of hits on the site.” The New York Times added that the fired employee is believed to have taken “information on 10% of the 3.5 million customers of Morgan Stanley’s wealth management arm.”

Chick-fil-A credit card breach

In a data breach that likely does not affect the uber-rich like Morgan Stanley, Chick-fil-A -- which operates restaurants in 1,850 locations over 41 states and D.C. -- has confirmed an investigation into a credit card breach. In a public statement, Chick-fil-A said it discovered "unusual activity" on December 19th after being notified of “limited suspicious payment card activity appearing to originate from payment cards used at a few of our restaurants.”

The definition of limited, however, may not imply a small number after all. One unnamed financial institution said it received an alert that contained “nearly 9,000 customer cards” for a breach that potentially lasted between Dec. 2, 2013 and Sept. 30, 2014. Speaking on the condition of anonymity, a banking source told Krebs on Security: “It’s crazy because 9,000 customer cards is more than the total number of cards we had impacted in the Target breach.” The source added that “the bulk of the fraud seemed concentrated at locations in Georgia, Maryland, Pennsylvania, Texas and Virginia.”

So far 2015 is looking a lot like 2014.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.